[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f3Op-qoZew7d50vWrzRlTRzf5vAODUjq--P0-0_D28_A":3},{"article":4,"iocs":51},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":35},"e1238397-364d-46e5-94eb-8c5c900c22bc","We analyzed Heartflabrace\u002FDoubao-Claw\n\nA malicious \"AI skill\" posing as a Volcengine\u002FByteDance Do...","we-analyzed-heartflabrace-doubao-claw-a-malicious-ai-skill-posing-as-a-volcengin-e73670","We analyzed Heartflabrace\u002FDoubao-Claw\n\nA malicious \"AI skill\" posing as a Volcengine\u002FByteDance Doubao CLI, part of the OpenClaw \"Claw\" malware ecosystem @Zscaler exposed last week.\n\nThe lure is 7,000 words of legitimate-looking documentation including FAQs, architecture diagrams, https:\u002F\u002Ft.co\u002FUq2nkvepTN","Zscaler identified a malicious \"AI skill\" disguised as a legitimate Volcengine\u002FByteDance Doubao command-line interface tool, part of the broader OpenClaw malware ecosystem previously exposed. The malware uses sophisticated social engineering, including 7,000 words of convincing documentation, FAQs, and architecture diagrams to deceive victims. This represents an evolution in supply-chain and open-source ecosystem attacks targeting developers.","Zscaler discovers malicious AI skill posing as ByteDance Doubao CLI in OpenClaw ecosystem.",null,"https:\u002F\u002Fx.com\u002Fnextronresearch\u002Fstatus\u002F2053767476651995310","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHIByedFWUAArsQj.jpg","2026-05-11T09:21:38+00:00","2026-05-11T10:00:05.550225+00:00",8,[18,21,23,26,28],{"name":19,"type":20},"ByteDance","vendor",{"name":22,"type":20},"Volcengine",{"name":24,"type":25},"Doubao","product",{"name":27,"type":20},"Zscaler",{"name":29,"type":30},"OpenClaw","campaign","89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5",{"id":31,"icon":11,"name":33,"slug":34},"Malware","malware",[36,41,46],{"category":37},{"id":38,"icon":11,"name":39,"slug":40},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":42},{"id":43,"icon":11,"name":44,"slug":45},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":47},{"id":48,"icon":11,"name":49,"slug":50},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[52,55],{"type":34,"value":53,"context":54},"Heartflabrace","Malicious AI skill component of OpenClaw ecosystem",{"type":34,"value":56,"context":57},"Doubao-Claw","Fake Doubao CLI tool distributed as malware"]